UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

System audit logs must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-812 GEN002680 SV-38477r2_rule ECTP-1 Medium
Description
Failure to give ownership of system audit log files to root provides the designated owner and unauthorized users with the potential to access sensitive information.
STIG Date
HP-UX 11.23 Security Technical Implementation Guide 2015-06-12

Details

Check Text ( C-36424r2_chk )
Inspect the auditing configuration file, /etc/rc.config.d/auditing, to determine the filename and path of the audit logs. The entries should appear similar to the following:
PRI_AUDFILE=/var/.audit/file1
SEC_AUDFILE=/var/.audit/file2

# egrep “PRI_AUDFILE|SEC_AUDFILE” /etc/rc.config.d/auditing

For each audit log directory/file, check the ownership.
# ls -lLd
# ls -lLa

If any audit log directory/file is not owned by root, this is a finding.
Fix Text (F-31763r2_fix)
As root, change the ownership.
# chown root
# chown root